Giteabot [Fri, 17 Nov 2023 04:24:16 +0000 (12:24 +0800)]
Fix permissions for Token DELETE endpoint to match GET and POST (#27610) (#28099)
Backport #27610 by @evantobin
Fixes #27598
In #27080, the logic for the tokens endpoints was updated to allow
admins to create and view tokens in other accounts. However, the same
functionality was not added to the DELETE endpoint. This PR makes the
DELETE endpoint function the same as the other token endpoints and adds
unit tests.
Giteabot [Tue, 14 Nov 2023 13:50:05 +0000 (21:50 +0800)]
enable system users for comment.LoadPoster (#28014) (#28032)
Backport #28014 by @earl-warren
System users (Ghost, ActionsUser, etc) have a negative id and may be the
author of a comment, either because it was created by a now deleted user
or via an action using a transient token.
The GetPossibleUserByID function has special cases related to system
users and will not fail if given a negative id.
Giteabot [Tue, 14 Nov 2023 01:56:21 +0000 (09:56 +0800)]
fixed duplicate attachments on dump on windows (#28019) (#28031)
Backport #28019 by @anudeepreddy
Hi,
This PR fixes #27988. The use of `path.join` (which uses `/` as the file
separator) to construct paths and comparing them with paths constructed
using `filepath.join` (which uses platform specific file separator) is
the root cause of this issue.
The desired behavior is to ignore attachments when dumping data
directory. Due to what's mentioned above, the function
`addRecursiveExclude` is not actually ignoring the attachments directory
and is being written to the archive. The attachment directory is again
added to the archive (with different file separator as mentioned in the
issue) causing a duplicate entry on windows.
The solution is to use `filepath.join` in `addRecursiveExclude` to
construct `currentAbsPath`.
Giteabot [Sun, 12 Nov 2023 10:29:56 +0000 (18:29 +0800)]
Move some JS code from `fomantic.js` to standalone files (#27994) (#28001)
Backport #27994 by @wxiaoguang
To improve maintainability, this PR:
1. Rename `web_src/js/modules/aria` to `web_src/js/modules/fomantic`
(the code there is all for aria of fomantic)
2. Move api/transition related code to
`web_src/js/modules/fomantic/api.js` and
`web_src/js/modules/fomantic/transition.js`
Giteabot [Wed, 8 Nov 2023 01:29:33 +0000 (09:29 +0800)]
Add word-break to repo description in home page (#27924) (#27957)
Backport #27924 by @yp05327
In #25315, @denyskon fixed UI on mobile view.
But for the repo description, on desktop view there's no word-break.
So maybe we can just add `gt-word-break` to fix it on both mobile view
and desktop view.
Giteabot [Tue, 7 Nov 2023 21:02:36 +0000 (05:02 +0800)]
Fix rendering assignee changed comments without assignee (#27927) (#27952)
Backport #27927 by @invliD
When an assignee changed event comment is rendered, most of it is
guarded behind the assignee ID not being 0. However, if it is 0, that
results in quite broken rendering for that comment and the next one.
This can happen, for example, when repository data imported from outside
of Gitea is incomplete.
This PR makes sure comments with an assignee ID of 0 are not rendered at
all.
---
Screenshot before:
<img width="272" alt="Bildschirmfoto 2023-11-05 um 20 12 18"
src="https://github.com/go-gitea/gitea/assets/42910/7d629d76-fee4-4fe5-9e3a-bf524050cead">
The comments in this screenshot are:
1. A regular text comment
2. A user being unassigned
3. A user being assigned
4. The title of the PR being changed
Comments 2 and 3 are rendered without any text, which indents the next
comment and does not leave enough vertical space.
Giteabot [Mon, 6 Nov 2023 18:07:22 +0000 (02:07 +0800)]
Unify two factor check (#27915) (#27929)
Backport #27915 by @KN4CK3R
Fixes #27819
We have support for two factor logins with the normal web login and with
basic auth. For basic auth the two factor check was implemented at three
different places and you need to know that this check is necessary. This
PR moves the check into the basic auth itself.
Giteabot [Mon, 6 Nov 2023 16:03:06 +0000 (00:03 +0800)]
Remove `known issue` section in Gitea Actions Doc (#27930) (#27938)
Backport #27930 by @lng2020
The bug has been fixed for several months in the
`docker/build-push-action`
The fix commit is
[d8823bfaed](https://github.com/docker/build-push-action/commit/d8823bfaed2a82c6f5d4799a2f8e86173c461aba)
as the Gitea Actions Doc mentioned too.
Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
Giteabot [Sun, 5 Nov 2023 13:20:00 +0000 (21:20 +0800)]
Remove action runners on user deletion (#27902) (#27908)
Backport #27902 by @earl-warren
- On user deletion, delete action runners that the user has created.
- Add a database consistency check to remove action runners that have
nonexistent belonging owner.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1720
Giteabot [Wed, 1 Nov 2023 23:19:02 +0000 (07:19 +0800)]
refactor postgres connection string building (#27723) (#27869)
Backport #27723 by @mpldr
This patchset changes the connection string builder to use net.URL and
the host/port parser to use the stdlib function for splitting host from
port. It also adds a footnote about a potentially required port number
for postgres UNIX sockets.
Fixes: #24552
Co-authored-by: Moritz Poldrack <33086936+mpldr@users.noreply.github.com>
Giteabot [Mon, 30 Oct 2023 11:25:40 +0000 (19:25 +0800)]
Always use whole user name as link (#27815) (#27838)
Backport #27815 by @denyskon
Starting from #25790 this shared template only linked the username of
the user if both display name and username were shown. I experienced
myself always trying to click on the display name - I think it is
annoying for others too.
Giteabot [Fri, 27 Oct 2023 12:17:27 +0000 (20:17 +0800)]
Upgrade xorm to 1.3.4 (#27807) (#27813)
Backport #27807 by @lng2020
Noticeable change:
Remove the `OrderBy("1")`
[patch](https://github.com/go-gitea/gitea/pull/27673#issuecomment-1768570142)
for mssql since xorm has [fixed
it](https://gitea.com/xorm/xorm/commit/0f085408afd85707635eadb2294ab52be04f3c0f).
Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
Giteabot [Wed, 25 Oct 2023 01:09:08 +0000 (09:09 +0800)]
Add gap between diff boxes (#27776) (#27781)
Backport #27776 by @silverwind
Before (almost no gap between files):
<img width="1240" alt="Screenshot 2023-10-24 at 19 43 32"
src="https://github.com/go-gitea/gitea/assets/115237/30cdbdbc-d102-479c-89ce-3f68837ae0cd">
After (with 8px gap):
<img width="1241" alt="Screenshot 2023-10-24 at 19 43 22"
src="https://github.com/go-gitea/gitea/assets/115237/72b26a30-8730-4a36-8de9-be143b684b98">
Giteabot [Tue, 24 Oct 2023 07:40:02 +0000 (15:40 +0800)]
Do not force creation of _cargo-index repo on publish (#27266) (#27765)
Backport #27266 by @merlleu
Hello there,
Cargo Index over HTTP is now preferred over git for package updates: we
should not force users who do not need the GIT repo to have the repo
created/updated on each publish (it can still be created in the packages
settings).
The current behavior when publishing is to check if the repo exists and
create it on the fly if not, then update its content.
Cargo HTTP Index does not rely on the repo itself so this will be
useless for everyone not using the git protocol for cargo registry.
This PR only disables the creation on the fly of the repo when publishing
a crate.
This is linked to #26844 (error 500 when trying to publish a crate if
user is missing write access to the repo) because it's now optional.
Giteabot [Mon, 23 Oct 2023 13:04:53 +0000 (21:04 +0800)]
Fix duplicate project board when hitting `enter` key (#27746) (#27751)
Backport #27746 by @lng2020
When hitting the `enter` key to create a new project column, the request
is sent twice because the `submit` event and `key up` event are both
triggered.
Probably a better solution is to rewrite these parts of the code to
avoid using native jQuery but reuse the `form-fetch-action` class. But
it's beyond my ability.
Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
Giteabot [Sat, 21 Oct 2023 11:13:15 +0000 (19:13 +0800)]
Feed UI Improvements (#27356) (#27717)
Backport #27356 by @silverwind
Various improvements related to feeds:
- Fix markdown rendering
- Increase font size from 13px to default 14px via `flex-item`
- Add style to hashes
- Move the timestamp to title line. I realize it's not optimal for
translation, we may need to change all these translations
Before:
<img width="768" alt="Screenshot 2023-09-29 at 22 52 58"
src="https://github.com/go-gitea/gitea/assets/115237/edda8b84-23cf-4a43-90ad-a892798f4e6c">
After:
<img width="781" alt="Screenshot 2023-09-29 at 22 58 09"
src="https://github.com/go-gitea/gitea/assets/115237/7097474d-efcf-4f22-a2ab-834a4e25c4e8">
Giteabot [Fri, 20 Oct 2023 18:04:44 +0000 (02:04 +0800)]
[FIX] resolve confusing colors in languages stats by inserting a gap (#27704) (#27715)
Backport #27704 by @RightFS
The current language stats are too obsessed with color matching. Similar
colors are always next to each other. It is a bit troublesome to find
the place where the color matching is generated, so just follow the
example of github and add a gap.
Fixes: https://github.com/go-gitea/gitea/issues/27604
Add negative margins so the header covers any shadow of active elements.
No rendering change of the content of the header because the padding
counteracts the effect.
Change confusing behavior when showing information about a repo via labels and icons.
Implement changes proposed by @lng2020 in
https://github.com/go-gitea/gitea/pull/27627#pullrequestreview-1678787673.
Giteabot [Thu, 19 Oct 2023 13:35:29 +0000 (21:35 +0800)]
Fix required checkboxes in issue forms (#27592) (#27692)
Backport #27592 by @JakobDev
If you set a checkbox as required in an issue form at the moment, the
checkbox is checked and read only, which does not make much sense. With
this PR, the Checkbox actually needs to be checked. The label supports
now also Markdown. This matches GitHub's behaviour.
And yes, I know the CSS is an ugly workaround. It looks like the given
CSS code is part of Fomantic and I don't know how to change that. The
Maintainers are free to change that.
Giteabot [Wed, 18 Oct 2023 16:23:28 +0000 (00:23 +0800)]
Clipboard copy enhancements (#27669) (#27681)
Backport #27669 by @silverwind
1. Do not show temporary tooltips that are triggered from within
dropdowns. Previously this resulted in the tooltip being stuck to
top-left of the page like seen on issue comment URL copy. I could not
figure out any tippy options that prevent this, so I think it's better
to just not show it.
2. Refactor `initGlobalCopyToClipboardListener` so that it does not run
an often useless `document.querySelector` on every click, make
`data-clipboard-text-type` work with `data-clipboard-target`. No use in
current code base but still good to have. Finally some minor code
cleanup in the function.
Giteabot [Wed, 18 Oct 2023 13:07:52 +0000 (21:07 +0800)]
Support allowed hosts for webhook to work with proxy (#27655) (#27675)
Backport #27655 by @wolfogre
When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.
But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.
This PR fixes it by:
- If the proxy has been set, always allow connections to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.
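The difference between the two behaviours described in this commit message, as an added example (not Gitea's code): `oldDecision` and `newDecision` are hypothetical models of the check before and after the fix, and the hosts and allow lists are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
)

// hostAllowed reports whether host matches a glob pattern in the allow list.
func hostAllowed(host string, allow []string) bool {
	for _, pattern := range allow {
		if ok, _ := path.Match(pattern, host); ok {
			return true
		}
	}
	return false
}

// oldDecision: only the dialed address is checked, and that is the proxy
// whenever one is configured. The real target is never compared to the list.
func oldDecision(target, proxy *url.URL, allow []string) bool {
	if proxy != nil {
		return hostAllowed(proxy.Hostname(), allow)
	}
	return hostAllowed(target.Hostname(), allow)
}

// newDecision: check the target before forwarding, then permit the dial only
// to the exact proxy host:port (dialAddr is the address being connected to).
func newDecision(target, proxy *url.URL, dialAddr string, allow []string) bool {
	if !hostAllowed(target.Hostname(), allow) {
		return false
	}
	return proxy == nil || dialAddr == proxy.Host
}

// mustParse parses a constructed sample URL and panics on malformed input.
func mustParse(raw string) *url.URL {
	u, err := url.Parse(raw)
	if err != nil {
		panic(err)
	}
	return u
}

func main() {
	proxy := mustParse("http://10.0.0.5:3128")          // constructed proxy
	internal := mustParse("http://10.0.0.9:8080/admin") // constructed target
	fmt.Println(oldDecision(internal, proxy, []string{"10.0.0.5"}))
	fmt.Println(newDecision(internal, proxy, proxy.Host, []string{"hooks.example.com"}))
}
```

With the old model, listing the proxy host is enough to let a delivery to an unlisted internal target through; with the new model the target itself must match the list and only the proxy's own host and port may be dialed.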
When logging in with WebAuthn, the page has a link to use TOTP instead.
This link is always displayed, no matter if the User has set up TOTP or
not, which does of course not work for those who have not.
Giteabot [Wed, 11 Oct 2023 14:12:31 +0000 (22:12 +0800)]
Replace ajax with fetch, improve image diff (#27267) (#27583)
Backport #27267 by @silverwind
1. Dropzone attachment removal, pretty simple replacement
2. Image diff: The previous code fetched every image twice, once via
`img[src]` and once via `$.ajax`. Now it's only fetched once and a
second time only when necessary. The image diff code was partially
rewritten.
Giteabot [Wed, 11 Oct 2023 11:26:34 +0000 (19:26 +0800)]
show manual cron run's last time (#27544) (#27577)
Backport #27544 by @earl-warren
- Currently in the cron tasks, the 'Previous Time' only displays the
previous time of when the cron library executes the function, but not
any of the manual executions of the task.
- Store the last run's time in memory in the Task struct and use that,
when that time is later than the time that the cron library has executed
this task.
- This ensures that if an instance admin manually starts a task, there's
feedback that this task is/has been run, because the task might be run
that quick, that the status icon already has been changed to a
checkmark.
- Tasks that are executed at startup now reflect this as well, as the
time of the execution of that task on startup is now being shown as
'Previous Time'.
- Added integration tests for the API part, which is easier to test
because querying the HTML table of cron tasks is non-trivial.
- Resolves https://codeberg.org/forgejo/forgejo/issues/949
Giteabot [Wed, 11 Oct 2023 02:39:12 +0000 (10:39 +0800)]
Fix attachment download bug (#27486) (#27571)
Backport #27486 by @lunny
Fix #27204
This PR allows `/<username>/<reponame>/attachments/<uuid>` access with
personal access token and also changed attachments API download url to
it so it can be downloaded correctly.
Giteabot [Tue, 10 Oct 2023 12:22:26 +0000 (20:22 +0800)]
Increase queue length (#27555) (#27562)
Backport #27555 by @wolfogre
It should be OK to increase the default queue length since the default
type is "level".
IMO, the old default length (100) is a little too small. See
https://github.com/go-gitea/gitea/issues/27540#issuecomment-1754269491
IIRC, a larger length could lead to more memory usage only when the type
is "channel," but it's an obscure case. Otherwise, it's just a limit
(for "level" or "redis").